Locking out ransomware: A new way to look at security strategy

Ransomware attacks are accelerating at a record pace, becoming dramatically more frequent and sophisticated. Nearly 60% of companies experienced ransomware events in the last year, forcing businesses to pay a staggering $1 billion in ransom payments, a significant increase from the $220 million paid in 2019.

Change Healthcare is a recent example, experiencing one of the largest ransomware attacks in healthcare. The company was taken offline and attempted an unsuccessful $22 million payout, only to be hit by a second ransomware attack weeks later.

While the healthcare industry is particularly vulnerable, other sectors are also at risk. Technology, manufacturing, supply chain, retail, and government agencies at all levels are highly susceptible.

But why are organizations still so unprepared after catastrophic ransomware attacks like those on Colonial Pipeline, MGM, Kronos, and Maersk? The answer lies in inadequate data protection.

In the current data revolution, the volume and types of data are soaring, and AI applications are creating new use cases. However, organizations often rely solely on network protection strategies that do not address how data is collected, moved, and used today.

It’s time for companies to adopt a true data protection strategy.

The Evolution of Network Security Technology

Security technology has traditionally focused on protecting the network perimeter to prevent intruders from entering and moving within the network. Early firewalls used packet filtering, while stateful inspection firewalls made decisions based on active connections and traffic context. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) provided real-time monitoring, detection, and response to suspicious activities, eventually integrating with firewalls.

Today, cloud security services, often built on proxy-centric architectures, use powerful cloud processing to deliver advanced security solutions for cloud infrastructures. Despite their importance, these solutions focus on network and application protection. When they fail, attackers gain access to data, enabling ransomware attacks.

What Data Protection Means

Data protection can be likened to bomb attack prevention: preventing the attack is the first line of defense (network security), but additional measures (data protection) are necessary to mitigate damage if an attack occurs. Data protection strategies safeguard data files and databases even if network security is breached.

Creating a “data bunker” requires real-time understanding of data content and context, detecting sensitive information in any data set, and identifying unusual data access. For example, a system could recognize sensitive and mission-critical data based on content and configurable rules, preventing unauthorized data encryption attempts and thwarting ransomware attacks.

Key Requirements of a Data Protection Strategy

Zero Trust as the Default

Zero trust for data protection involves allowing only authorized and authenticated users to access data based on real-time insights into the data’s content. AI capabilities now make this real-time insight possible, enabling more effective data protection.

Session Awareness

Data session-awareness examines every request for content and context, allowing the system to adjust access permissions based on real-time zero trust requirements and evolving user needs. Session awareness also detects behavior indicative of ransomware attacks.
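As an added illustration (not code from the article or from any vendor it alludes to), the sketch below combines the two ideas above: configurable content rules label data as sensitive, and a per-session guard denies writes that would replace sensitive content with near-random bytes, locking the session after repeated attempts. The rule patterns, entropy limit, lockout count and all names are assumptions chosen for the example.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed, configurable content rules (assumptions, not from the article).
SENSITIVE_RULES = {
    "ssn": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
    "patient_record": re.compile(rb"(?i)\bpatient[_ ]id\b"),
}
ENTROPY_LIMIT = 7.0      # bits per byte; encrypted output sits close to 8
MAX_BLOCKED_WRITES = 2   # blocked writes tolerated before a session is locked


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(content: bytes) -> set:
    """Names of the content rules that match the given file content."""
    return {name for name, rx in SENSITIVE_RULES.items() if rx.search(content)}


class SessionGuard:
    """Evaluates each write request against data content and session history."""

    def __init__(self):
        self.blocked = defaultdict(int)   # session id -> blocked write count
        self.locked = set()               # sessions denied all further writes

    def check_write(self, session: str, old: bytes, new: bytes) -> str:
        if session in self.locked:
            return "deny:session-locked"
        labels = classify(old)
        # Sensitive plaintext replaced by near-random bytes looks like encryption.
        if labels and shannon_entropy(new) >= ENTROPY_LIMIT and not classify(new):
            self.blocked[session] += 1
            if self.blocked[session] >= MAX_BLOCKED_WRITES:
                self.locked.add(session)
            return "deny:encryption-like-overwrite"
        return "allow"
```

Entropy alone also flags compressed or legitimately encrypted files, so a real deployment would pair this check with an allow-list of authorized encryption workflows.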

Zero Copies of Data

To minimize risk, companies should avoid making data copies. Instead, accessing and using data from its source systems reduces complexity, ensures data timeliness, and prevents data from being placed in vulnerable public cloud environments.

All Data Types

A data protection strategy must account for all data types, including tables, text, audio, video, email, and social media. It must understand the native languages of data sources and every human language in the data.

Real-Time, Dynamic Transformations

Data protection must operate in real time, with no delay between threat detection and response. The system must perform data analysis, create necessary combinations and transformations, and respond to attacks swiftly to meet zero trust requirements and business demands.

It’s Time for True Data Protection

The combination of increased computing performance and AI-powered neural networks now enables real-time understanding of data content and context, making a true data protection strategy technically feasible.

However, questions remain. If a vendor creates a “content and context aware” system, are customers at risk from the vendor? How are data insights delivered at speed and scale without using the public cloud? Does the strategy account for human error and potential intentional compromises?

As the industry shifts focus from network protection to data protection, these questions will be addressed, ushering in a new era of cybersecurity.
